Cyber Incident Victim: Electronic Arts Inc.

Date: Sep 2013

Location: Australia

Summary

A cyber attack targeted EA Firemonkeys' standalone forums, compromising user information which allegedly included names and email addresses of over 40,000 members. The publisher initially cited maintenance for the forum shutdown without disclosing the breach, later confirming only a limited number of email addresses were potentially accessed while denying evidence of passwords, security questions, payment data, or other sensitive information exposure. Immediate containment actions involved taking the affected server offline, with no impact to broader corporate systems or databases beyond the isolated forum.

Description

In September 2013, EA Firemonkeys—a studio formed in 2012 through the merger of Firemint and Iron Monkey—experienced a cyber attack targeting its stand-alone online forums. The studio, known for developing the Real Racing series and mobile adaptations of franchises like Mass Effect and The Sims, immediately shut down the compromised forums and took the affected server offline to prevent further exploitation. At the time, EA publicly attributed the forum takedown to "temporary maintenance," omitting any reference to a security breach or potential data compromise. This lack of disclosure persisted for nearly a year until September 2014, when a Reddit user alleged that attackers had downloaded and stolen information belonging to over 40,000 forum members, including names and email addresses. The post further accused EA of suppressing information about the incident. Kotaku Australia corroborated the timeline, confirming EA's original maintenance announcement contained no breach notification.

Following public scrutiny from these allegations, EA issued a formal statement in September 2014 acknowledging the 2013 attack. The publisher clarified that only the isolated Firemonkeys forum infrastructure was compromised, with no penetration of broader EA systems or corporate databases occurring. While the Reddit claim specified theft of 40,000 users' data, EA's investigation concluded only "a small number of customer email addresses were potentially obtained." The company asserted no evidence indicated unauthorized access to passwords, security questions, payment details, names, or other sensitive account credentials that could facilitate unauthorized account access. EA emphasized Firemonkeys' rapid containment actions—forum deactivation and server isolation—as preventative measures against data misuse. The incident exposed discrepancies between internal incident response protocols and external communication practices, as users criticized the delayed transparency regarding potential email address exposure.
